| Posted: Sun Feb 11, 2007 12:48 pm Post subject: Security query | |
| Hi,
I'm interested in using your mod - so downloaded it and had a quick look. I notice that you set a server path in a variable instead of in a constant and wondered if this was perhaps a security problem: $phpbb_root_path = "./../"; Could a hacker pass in their own path (to an external site) via GET to compromise the server? Jimbo |
|
Site Admin
Joined: 18 Apr 2006
Posts: 805
Location: Saint-Petersburg, Russia
| Posted: Mon Feb 12, 2007 4:34 am Post subject: | |
| Hi!
Don't worry, everything is ok here. It isn't a use of variable, it's an assignment to the variable. And all the following uses of the variable will use the assigned value, which is constant. This code is used everywhere in phpBB. See, for example, the file "viewtopic.php". _________________ Oleg Parashchenko, bbAntiSpam Do you love our tools? Please sponsor further development! |
|
| Posted: Mon Feb 12, 2007 6:14 pm Post subject: | |
| Ok - thanks for the positive reply.
All the best, Jim |
|